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Publishing content in connection with digital rights management (DRM) architecture 



A packager packages digital content for a user 
and a licensor issues a digital license to the user for the 
content such that the user renders the content only in 
accordance with the license. The licensor and packager 
share a Secret to allow the packager and the licensor to 
calculate a content key (KD) forthe content. To package 
the content for the user, the packager calculates a con- 



tent key (KD) based on the shared Secret and a content 
ID and encrypts the content according to (KD). To issue 
a license to the user for the content, the licensor also 
calculates (KD) based on the shared Secret and the 
content ID, encrypts (KD) according to a public key of 
the user to form the license, and sends the license to 
the user. 
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Description 
TECHNICAL FIELD 

[0001] The present invention relates to an architec- 
ture for enforcing rights in digital content. More specifi- 
cally, the present invention relates to such an enforce- 
ment architecture that allows access to encrypted digital 
content only in accordance with parameters specified 
by license rights acquired by a user of the digital content. 
Even more specifically, the present invention relates to 
such an architecture that is particularly useful in connec- 
tion with publishing content. 

BACKGROUND OF THE INVENTION 

[0002] As is known, and referring now to Fig. 1 , digital 
rights management (DRM) and enforcement system is 
highly desirable in connection with digital content 12 
such as digital audio, digital video, digital text, digital da- 
ta, digital multimedia, etc., where such digital content 12 
is to be distributed to users. Upon being received by the 
user, such user renders or 'plays' the digital content with 
the aid of an appropriate rendering device such as a me- 
dia player on a personal computer 14 or the like. 
[0003] Typically, a content owner distributing such 
digital content 12 wishes to restrict what the user can 
do with such distributed digital content 1 2. For example, 
the content owner may wish to restrict the user from cop- 
ying and re-distributing such content 1 2 to a second us- 
er, or may wish to allow distributed digital content 1 2 to 
be played only a limited number of times, only for a cer- 
tain total time, only on a certain type of machine, only 
on a certain type of media player, only by a certain type 
of user, etc. 

[0004] However, after distribution has occurred, such 
content owner has very little if any control overthe digital 
content 12. A DRM system 10, then, allows the control- 
led rendering or playing of arbitrary forms of digital con- 
tent 12, where such control is flexible and definable by 
the content owner of such digital content. Typically, con- 
tent 1 2 is distributed to the user in the form of a package 
13 by way of any appropriate distribution channel. The 
digital content package 13 as distributed may include 
the digital content 12 encrypted with a symmetric en- 
cryption / decryption key (KD), (i.e., (KD(CONTENT))), 
as well as other information identifying the content, how 
to acquire a license for such content, etc. 
[0005] The trust-based DRM system 10 allows an 
owner of digital content 12 to specify license rules that 
must be satisfied before such digital content 12 is al- 
lowed to be rendered on a user's computing device 14. 
Such license rules can include the aforementioned tem- 
poral requirement, and may be embodied within a digital 
license 16 that the user / user's computing device 14 
(hereinafter, such terms are interchangeable unless cir- 
cumstances require otherwise) must obtain from the 
content owner or an agent thereof. Such license 1 6 also 



includes the decryption key (KD) for decrypting the dig- 
ital content, perhaps encrypted according to a key de- 
cryptable by the user's computing device. 
[0006] The content owner for a piece, of digital con- 

5 tent 12 must trust that the users computing device 14 
will abide by the rules and requirements specified by 
such content owner in the license 1 6, i.e. that the digital 
content 12 will not be rendered unless the rules and re- 
quirements within the license 16 are satisfied. Prefera- 

10 bly, then, the user's computing device 14 is provided 
with a trusted component or mechanism 1 8 that will not 
render the digital content 12 except according to the li- 
cense rules embodied in the Iicense16 associated with 
the digital content 12 and obtained by the user. 

15 [0007] The trusted component 18 typically has a li- 
cense evaluator20 that determines whether the license 
16 is valid, reviews the license rules and requirements 
in such valid license 16, and determines based on the 
reviewed license rules and requirements whetherthe re- 

20 questing user has the right to render the requested dig- 
ital content 12 in the manner sought, among other 
things. As should be understood, the license evaluator 
20 is trusted in the DRM system 1 0 to carry out the wish- 
es of the owner of the digital content 1 2 according to the 

25 rules and requirements in the license 16, and the user 
should not be able to easily alter such trusted element 
for any purpose, nefarious or otherwise. 
[0008] As should be understood, the rules and re- 
quirements in the license 1 6 can specify whetherthe us- 

30 er has rights to render the digital content 12 based on 
any of several factors, including who the user is, where 
the user is located, what type of computing device the 
user is using, what rendering application is calling the 
DRM system, the date, the time, etc. In addition, the 

35 rules and requirements of the license 16 may limit the 
license 1 6 to a predetermined number of plays, or pre- 
determined play time, for example. 
[0009] The rules and requirements may be specified 
in the license 1 6 according to any appropriate language 

40 and syntax. For example, the language may simply 
specify attributes and values that must be satisfied 
(DATE must be later than X, e.g.), or may require the 
performance of functions according to a specified script 
(IF DATE greater than X, THEN DO e.g.). 

45 [0010] Upon the license evaluator 20 determining that 
the license 16 is valid and that the user satisfies the rules 
and requirements the rein, the digital content 1 2 can then 
be rendered. In particular, to render the content 12, the 
decryption key (KD) is obtained from the license 12 and 

50 is applied to (KD(CONTENT)) from the content package 
1 3 to result in the actual content 12, and the actual con- 
tent 12 is then in fact rendered. 

[0011] In a DRM system 10, content 12 is packaged 
for use by a user by encrypting such content 1 2 and as- 
55 sociating a license 1 6 having a set of rules with the con- 
tent 12, whereby the content 12 can be rendered only 
in accordance with the rules in the license 1 6. Because 
the content 1 2 requires the license 1 6 for access there- 
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to, then, the content 12 may be freely distributed. Ac- 
cordingly, to package content 12 for publishing in ac- 
cordance with the DRM system 10, a packager and a 
licensor must exchange information such that the pack- 
ager can package DRM content 12 for which the licensor 
can issue a corresponding license 1 6. More particularly, 
a need exists for a method and mechanism by which a 
licensor can 'provision' a packager to package content 
for publishing, by which the packager in fact packages 
the content for publishing, and by which a license forthe 
packaged content is obtained by a user. 

SUMMARY OF THE INVENTION 

[0012] In one embodiment of the present invention, a 
packager packages digital content for a user and a li- 
censor issues a digital license to the user forthe content 
such that the user renders the content only in accord- 
ance with the license. To provision the packager to pack- 
age the content forthe user, the licensor upon receiving 
a provisioning request from the packager generates a 
Secret to be shared with the packager. The shared Se- 
cret allows the packager and the licensor to calculate a 
content key (KD) for the content. 
[0013] The licensor generates a random content key 
(KD-PROV), and encrypts the Secret according to 
(KD-PROV) to form (KD-PROV(Secret)). The licensor 
signs a public key of the packager (PU-PA1) with a pri- 
vate key of the licensor (PR-LI) to certify same 
((PU-PA1) S (PR-LI)), and sends (KD-PROV(Secret)), 
(PU-PA1) S (PR-LI), and any associated certificate 
chain to the packager. 

[0014] In one embodiment of the present invention, 
the packager as provisioned has provisioning content 
from the licensor including (KD-PROV(Secret)), and a 
provisioning license from the licensor including 
(KD-PROV) encrypted according to a public key of the 
packager (PU-PA2) ((PU-PA2(KD-PROV))). To pack- 
age the content for the user, the packager selects the 
provisioning license and provisioning content from the 
licensor, obtains (PU-PA2(KD-PROV)) from the provi- 
sioning license, applies a corresponding private key of 
the packager (PR-PA2) to (PU-PA2(KD-PROV)) to re- 
sult in (KD-PROV), obtains (KD-PROV(Secret)) from 
the provisioning content, and applies (KD-PROV) to 
(KD-PROV(Secret)) to result in the shared Secret. 
[0015] The packager then generates a random con- 
tent ID for the content, calculates a content key (KD) 
based on the random content ID and the Secret, and 
encrypts the content according to (KD) ((KD(Content))). 
Thereafter, the packager obtains a provisioning content 
ID having an identifier of the licensor from one of the 
provisioning license and the provisioning content, ap- 
pends to (KD(Content)) the random content ID. a public 
key of the packager (PU-PA1), and the identifier of the 
licensor to form the packaged content, and distributes 
the packaged content to the user. 
[0016] In one embodiment of the present invention, 



the packaged content as possessed by the user in- 
cludes (KD(Content)), the content ID, and (PU-PAI).To 
issue a license to the user for the content, the licensor 
receives a request including the content ID, (PU-PA1), 

5 and a public key associated with the user (PU-US) that 
is to be employed to bind the license to the user. The 
licensor obtains based on (PU-PA1 ) stored provisioning 
information regarding the packager including the shared 
Secret, calculates (KD) based on the content ID re- 

10 ceived with the request and the obtained Secret, and 
encrypts (KD) according to (PU-US) as received with the 
request ((PU-US(KD))). The licensor then appends to 
(PU-US(KD)) the content ID to form the license, and 
sends the license to the user. 

15 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0017] The foregoing summary, as well as the follow- 
ing detailed description of the embodiments of the 

20 present invention, will be better understood when read 
in conjunction with the appended drawings. Forthe pur- 
pose of illustrating the invention, there are shown in the 
drawings embodiments which are presently preferred. 
As should be understood, however, the invention is not 

25 limited to the precise arrangements and ins' trumental- 
ities shown. In the drawings: 

Fig. 1 is a block diagram showing an enforcement 
architecture of an example of a trust-based system; 
30 Fig. 2 is a block diagram representing a general pur- 
pose computer system in which aspects of the 
present invention and/or portions thereof maybe in- 
corporated; 

Fig. 3 is a block diagram showing interaction be- 
35 tween a licensor, a packager, and a user in the 
course of the licensor provisioning the packager to 
package content, the packager packaging the con- 
tent and delivering same to the user, and the user 
obtaining a license for the packaged content in ac- 
40 cordance with one embodiment of the present in- 
vention; 

Fig. 4 is a flow diagram showing steps performed 
by the licensor and packager of Fig. 3 in the course 
of provisioning the packager to package content in 
45 accordance with one embodiment of the present in- 
vention; 

Figs. 5 and 6 respectively are block diagrams show- 
ing a provisioning license and provisioning content 
resulting from the process of Fig. 4 as obtained by 
50 the packager from the licensor in accordance with 
one embodiment of the present invention; 
Fig. 7 is a flow diagram showing steps performed 
by the packager of Fig. 3 in the course of packaging 
the content and delivering same to the user in ac- 
55 cordance with one embodiment of the present in- 
vention; 

Fig. 8 is a block diagram showing the content re- 
sulting from the process of Fig. 7 as obtained by the 
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user from the packager in accordance with one em- 
bodiment of the present invention; 
Fig. 9 is a flow diagram showing steps performed 
by the licensor and user of Fig. 3 in the course of 
the user obtaining a license for the packaged con- 
tent in accordance with one embodiment of the 
present invention; and 

Fig. 10 is a block diagram showing the license re- 
sulting from the process of Fig. 9 as obtained by the 
user from the licensor in accordance with one em- 
bodiment of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

COMPUTER ENVIRONMENT 

[0018] Fig. 1 and the following discussion are intend- 
ed to provide a brief general description of a suitable 
computing environment in which the present invention 
and/or portions thereof may be implemented. Although 
not required, the invention is described in the general 
context of computer-executable instructions, such as 
program modules, being executed by a computer, such 
as a client workstation or a server. Generally, program 
modules include routines, programs, objects, compo- 
nents, data structures and the like that perform particu- 
lar tasks or implement particular abstract data types. 
Moreover, it should be appreciated that the invention 
and/or portions thereof may be practiced with other 
computer system configurations, including hand-held 
devices, multiprocessor systems, microprocessor- 
based or programmable consumer electronics, network 
PCs, minicomputers, mainframe computers and the 
like. The invention may also be practiced in distributed 
computing environments where tasks are performed by 
remote processing devices that are linked through a 
communications network. In a distributed computing en- 
vironment, program modules may be located in both lo- 
cal and remote memory storage devices. 
[0019] As shown in Fig. 2, an exemplary general pur- 
pose computing system includes a conventional per- 
sonal computer 120 or the like, including a processing 
unit 1 21 , a system memory 1 22, and a system bus 1 23 
that couples various system components including the 
system memory to the processing unit 1 21 . The system 
bus 123 may be any of several types of bus structures 
including a memory bus or memory controller, a periph- 
eral bus, and a local bus using any of a variety of bus 
architectures. The system memory includes read-only 
memory (ROM) 1 24 and random access memory (RAM) 
1 25. A basic input/output system 1 26 (BIOS), containing 
the basic routines that help to transfer information be- 
tween elements within the personal computer 1 20, such 
as during start-up, is stored in ROM 124. 
[0020] The personal computer 120 may further in- 
clude a hard disk drive 127 for reading from and writing 
to a hard disk (not shown), a magnetic disk drive 1 28 for 
reading from or writing to a removable magnetic disk 



129, and an optical disk drive 130 for reading from or 
writing to a removable optical disk 131 such as a 
CD-ROM or other optical media. The hard disk drive 
1 27, magnetic disk drive 1 28, and optical disk drive 1 30 

5 are connected to the system bus 123 by a hard diskdrive 
interface 132, a magnetic disk drive interface 133, and 
an optical drive interface 134, respectively. The drives 
and their associated computer-readable media provide 
non-volatile storage of computer readable instructions, 

10 data structures, program modules and other data for the 
personal computer 20. 

[0021] Although the exemplary environment de- 
scribed herein employs a hard disk, a removable mag- 
netic disk 129, and a removable optical disk 131, it 

15 should be appreciated that other types of computer 
readable media which can store data that is accessible 
by a computer may also be used in the exemplary op- 
erating environment. Such other types of media include 
a magnetic cassette, a flash memory card, a digital vid- 

20 eo disk, a Bernoulli cartridge, a random access memory 
(RAM), a read-only memory (ROM), and the like. 
[0022] A number of program modules may be stored 
on the hard disk, magnetic disk 129, optical disk 131 , 
ROM 124 or RAM 125, including an operating system 

25 135 ; one or more application programs 136, other pro- 
gram modules 137 and program data 138. A user may 
enter commands and information into the personal com- 
puter 1 20 through input devices such as a keyboard 1 40 
and pointing device 142. Other input devices (not 

30 shown) may include a microphone, joystick, game pad, 
satellite disk, scanner, or the like. These and other input 
devices are often connected to the processing unit 121 
through a serial port interface 1 46 that is coupled to the 
system bus, but may be connected by other interfaces, 

35 such as a parallel port, game port, or universal serial 
bus (USB). A monitor 1 47 or other type of display device 
is also connected to the system bus 123 via an interface, 
such as a video adapter 148. In addition to the monitor 
147, a personal computer typically includes other pe- 

40 ripheral output devices (not shown), such as speakers 
and printers. The exemplary system of Fig. 2 also in- 
cludes a host adapter 155 ; a Small Computer System 
Interface (SCSI) bus 156, and an external storage de- 
vice 162 connected to the SCSI bus 156. 

45 [0023] The personal computer 120 may operate in a 
networked environment using logical connections to 
one or more remote computers, such as a remote com- 
puter 149. The remote computer 149 may be another 
personal computer, a server, a router, a network PC, a 

50 peer device or other common network node, and typi- 
cally includes many or all of the elements described 
above relative to the personal computer 120, although 
only a memory storage device 150 has been illustrated 
in Fig. 2. The logical connections depicted in Fig. 2 in- 

55 elude a local area network (LAN) 151 and a wide area 
network (WAN) 1 52. Such networking environments are 
commonplace in offices, enterprisewide computer net- 
works, intranets, and the Internet. 
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[0024] When used in a LAN networking environment, 
the personal computer 1 20 is connected to the LAN 1 51 
through a network interface or adapter 153. When used 
in a WAN networking environment, the personal com- 
puter 120 typically includes a modem 154 or other 
means for establishing communications over the wide 
area network 152, such as the Internet. The modem 
154, which may be internal or external, is connected to 
the system bus 123 via the serial port interface 146. In 
a networked environment, program modules depicted 
relative to the personal computer 1 20, or portions there- 
of, may be stored in the remote memory storage device. 
It will be appreciated that the network connections 
shown are exemplary and other means of establishing 
a communications link between the computers may be 
used. 

PUBLISHING CONTENT 

[0025] As disclosed thus far, the DRM architecture 1 0 
controls access to digital content 12 by encrypting and 
packaging the content 12 and allowing access to the 
content 12 only in accordance with a set of rules in a 
corresponding license 16. However, it is to be appreci- 
ated that the DRM architecture 1 0 as set forth above is 
somewhat involved. Especially in the area of publishing, 
where an individual wishes to publish content 12 within 
the framework of the DRM architecture 1 0, such archi- 
tecture 1 0 may be somewhat modified as set forth below 
to enable such personal packaging and publishing in a 
simplified and economical manner. Of course, any pack- 
ager/publisher may employ the architecture 1 0 set forth 
below without departing from the spirit and scope of the 
present invention. 

[0026] Assetforth below, publishing of content 12 and 
consumption of the published content 12 in connection 
with the DRM architecture 10 requires: (1) that a licensor 
'provision' a publisher or the like to package content 12 
for publishing; (2) that the packager in fact packages the 
content 12 for publishing; and (3) that the packaged con- 
tent 13 as published be rendered by a user at a com- 
puting device 14 based on a license 16 obtained from 
the licensor. Each of the aforementioned will be dealt 
with in turn. 

Provisioning a Packager to Package Content 

[0027] In one embodiment of the present invention, 
and referring now to Fig. 3, prior to actually publishing 
content 12, a packager 60 and a licensor 62 must ex- 
change information such that the packager 60 / publish- 
er can publish content 1 2 for consumption by a user 64 
at a computing device 1 4, and such that the licensor 62 
can issue a license 1 6 to the user 64 for rendering the 
content 12. Put another way, the licensor 62 must 'pro- 
vision' the packager. Note here that the packager 60 of 
the content 12 may be the publisher of such content 12 
or may be separate from such publisher. In the embod- 



iment, provisioning is based on a Secret that is shared 
between the packager 60 and licensor 62 and a public 
private key pair associated with the packager 60 
(PU-PA1 . PR-PA1). 

5 [0028] As is typical, the key pair (PU-PA1 , PR-PA1 ) is 
employed by the packager 60 to identify itself, to encrypt 
and decrypt, and to create a signature. The shared Se- 
cret between the licensor and the packager allows each 
to calculate a content key (KD) for a piece of content 1 2 . 

10 The calculation can be based on any algorithm agreed 
upon by both the licensor and the packager without de- 
parting from the spirit and scope of the present inven- 
tion. In one embodiment of the present invention, the 
content key (KD) fora piece of content 1 2 having a con- 

15 tent ID is obtained from a hash of the content ID and the 
Secret, such as for example a hash based on the SHA 
algorithm: 

20 Content Key (KD) = SHA( Content ID, Secret ) 

[0029] In one embodiment of the present invention, 
and turning now to Fig. 4, provisioning is performed as 
follows. Preliminarily, the packager 60 requests that the 

25 licensor 62 provision such packager 60 (step 1 401 ). The 
request may take any particular form without departing 
from the spirit and scope of the present invention, but at 
a minimum includes an identifying certificate 66 and an 
associated certificate chain 68. AS explained in more 

30 detail below, the identifying certificate 66 in particular 
includes a public key associated with the packager 60 
(PU-PA2) that is to be employed to bind a license 1 6 to 
the packager 60, where the packager 60 also has a cor- 
responding private key (PR-PA2). 

35 [0030] Note that (PU-PA2, PR-PA2) may be different 
from (PU-PA1, PR-PA1) or the same as (PU-PA1 , 
PR-PA1). Ideally, however, the pairs of keys should be 
distinct. In particular, and as is conventional, (PR-PA2) 
should be accessible only by the trusted component 18, 

40 and should never be made available externally. 

[0031] In addition, the request can include proposed 
business rules 70. As may be appreciated, the business 
rules 70 are the conditions under which a user 64 is to 
be granted a license 1 6 for content 1 2 packaged by the 

45 packager 60. Such rules 70 may for example specify 
that the content be rendered only a set number of times, 
a set number of days, etc. The licensor 62 typically has 
the discretion to agree to the business rules 70 or to 
require modifications thereto. 

50 [0032] Upon receiving the request, the licensor 62 
may first perform any transaction with the packager 60 
that the licensor 62 deems appropriate (step 1403). For 
example, the licensor 62 could require the packager 60 
to start a subscription, pay a fee, etc. The licensor 62 

55 could also authenticate the identity of the packager 60 
through any available mechanism. 
[0033] In response to the request, the licensor 62 be- 
gins provisioning the packager 60 by generating items 



20 
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specific to such packager 60 (step 1405). Specifically, 
the licensor 62 generates the aforementioned shared 
Secret. In addition, it may be the case that the licensor 
62 generates the key pair (PU-PA1 , PR-PA1) for the 
packager 60 at this point. If so, the licensor 62 signs 
(PU-PA 1) with a private key (PR-LI) to certify same (i. 
e., (PU-PA1) S (PR-LI)). 

[0034] Of course, the packager 60 may object to the 
licensor 62 knowing (PR-PA1). If so, the Packager ob- 
tains the key pair (PU-PA1, PR-PA1)from another 
source, sends (PU-PA1)to the licensor as part of the re- 
quest at step 1401, and the licensor 62 signs the sent 
(PU-PA1) with a private key (PR-LI) to certify same (i. 
e., (PU-PA1) S (PR-LI)). 

[0035] The generated shared Secret, (PU-PA1) S 
(PR-LI), an associated certificate chain for (PU-PA1) S 
(PR-LI), and (PR-PA1) if generated by the licensor 62 
are to be sent to the packager 60 by such licensor 62, 
and at least some of such items must be received and 
retained by the packager 60 in a secure manner. Ac- 
cordingly, in one embodiment of the present invention, 
such items are sent in the form of a piece of DRM con- 
tent 12, which in this case is provisioning content 12. 
Note that the provisioning content 12 is a special form 
of content 12 in that such provisioning content 12 is in 
effect rendered only to divulge the items therein. 
[0036] In particular, the licensor generates a random 
content key (KD-PROV) for the provisioning content 12 
(step 1407), and then encrypts one or more of such 
items (Secret, (PU-PA1) S (PR-LI), certificate chain, and 
(PR-PA 1 )) according to (KD-PROV) to form such pro- 
visioning content 12 (step 1409). Note that all of such 
items may be encrypted to form the provisioning content 
1 2, or only select ones of such items may be so encrypt- 
ed. In the latter case, and for example, only Secret and 
(PR-PA 1 ) are so encrypted, and (PU-PA1 ) S (PR-LI)and 
the certificate chain are appended to the encrypted pro- 
visioning content 12 as a header or the like. 
[0037] As should be appreciated, for the provisioning 
content 12 to be 'rendered 1 by the packager 60 and a 
trusted component 18 thereof, a corresponding provi- 
sioning license 16 is required. Accordingly, the licensor 
generates such a provisioning license by retrieving 
(PU-PA2) from the identifying certificate 66 that accom- 
panied the request in step 1401 (step 1411), and en- 
crypting (KD-PROV) with (PU-PA2) to form (PU-PA2 
(KD-PROV)) (step 1413). 

[0038] Note that the provisioning license 16 and the 
provisioning content 12 both should have a content ID. 
Accordingly, the licensor 62 generates such a content 
ID and appends same to both the provisioning license 
1 6 and the provisioning content 12. Such content ID may 
be any appropriate content ID. without departing from 
the spirit and scope of the present invention. For exam- 
ple, the content ID may be an identifier of the licensor 
62, such as a URL thereof. Note, though, that if the li- 
censor 62 is to generate multiple sets of provisioning 
licenses 1 6 and provisioning content 1 2 forthe packager 



60, each set should have a unique content ID. Accord- 
ingly, and in such a case, the content ID may also be 
based on the URL of the licensor 62 and additional in- 
formation. 

5 [0039] It is to be appreciated that the licensor 62 may 
wish to constrain the ability of the packager 60 to pack- 
age content 12. For example, the licensor 60 may wish 
to have the packager 60 pay a fee each time such con- 
tent 12 is packaged thereby. In one embodiment of the 

10 present invention, then, the provisioning license 16 is a 
rich license that can include an abundant set of usage 
rules that apply to the packager 62. Accordingly, and in 
such a case, the licensorspecif ies particular usage rules 
for using the provisioning license 16 (step 1415), and 

15 appends same to the provisioning license 16 (step 
1417). 

[0040] In one embodiment of the present invention, 
the licensor 62 maintains a record of at least some of 
the information incumbent in the provisioning license 1 6 

20 and the provisioning content 12. Typically, such provi- 
sioning information is stored in a database or the like 
(step 1419), and is used when constructing a license 1 6 
for a user 64 based on content 1 2 packaged by the pack- 
ager 60 in accordance with the provisioning license 16 

25 and the provisioning content 12, as will be disclosed in 
more detail below. 

[0041 ] Once the licensor 62 has finished constructing 
the provisioning license 1 6 and the provisioning content 
12, and assuming any transaction details as at step 

30 1403 have been concluded, the licensor 62 then sends 
the provisioning license 1 6 and the provisioning content 
1 2 to the packager 60 and the packager 60 appropriately 
stores same (step 1421) in a license store and content 
store of a trusted component 1 8 thereof, respectively. 

35 Such a provisioning license 1 6 and piece of provisioning 
content 12 are shown in Figs. 5 and 6, respectively. 

Packaging Content at the Packager 

40 [0042] Turning now to Fig. 7. once a packager 60 is 
provisioned with a provisioning license 16 and a provi- 
sioning content 12 such as those shown in Figs. 5 and 
6, such packager 60 can package content 12 as pack- 
aged content 13 and distribute same, as follows. Note 

^5 that packaging may be performed in response to a re- 
quest for the content 1 2 from a user 64, or may be per- 
formed to have content 12 available should a user 64 
request same. 

[0043] Preliminarily the packager 60 selects a licen- 
50 sor 62 to issue licenses 1 6 for the to-be-packaged con- 
tent 12 (step 1701). Presumably, multiple licensors 62 
are available for use by the packager 60, and the pack- 
ager 60 has at least one set of a provisioning license 1 6 
and provisioning content 12 for each available licensor 
55 62. 

[0044] Once the licensor 62 is selected and a set of a 
provisioning license 1 6 and provisioning content 1 2 from 
the licensor 62 is selected (assuming more than one ex- 
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ists), the packager binds to the selected provisioning li- 
cense 16. That is, the packager 60 has a trusted com- 
ponent 18 operating on a computing device 14 of such 
packager 60. and the packager 60 requests that the 
trusted component 18 make available the provisioning 
content key (KD-PROV) from such selected provision- 
ing license 1 6 (step 1 703). Accordingly, the trusted com- 
ponent 1 8 reviews any usage rules in the selected pro- 
visioning license 16 and makes a determination based 
on such usage rules and any other rules on whether the 
provisioning content key(KD-PROV) can be made avail- 
able (step 1705). 

[0045] Assuming the provisioning content key 
(KD-PROV) is to be made available, the trusted compo- 
nent 18 in fact obtains such (KD-PROV) by obtaining 
(PU-PA2(KD-PROV)) from the license 16 (step 1707), 
and applying (PR-PA2) thereto to result in (KD-PROV) 
(step 1709). Note that (PR-PA2) may be the private key 
of the black box 30 of the trusted component 18 
(PR-BB), or may be the private key of another key pair. 
Such another key pair may for example be a key pair 
owned by the packager 60 and available to the trusted 
component 1 8 and the black box 30 thereof. 
[0046] With (KD-PROV), the packager 60 / trusted 
component 18 decrypts the encrypted contents of the 
selected provisioning content 12 corresponding to the 
selected provisioning license 16 (step 1 711). According- 
ly, the content ID including the URL of the licensor 62, 
the Secret, (PU-PA1) S (PR-LI), the certificate chain, 
and (PR-PA1) are available, and (PU-PA1) is made 
available by traversing the certificate chain to obtain 
(PU-LI) and applying same to (PU-PA1 ) S (PR-LI) to ver- 
ify (PU-PA1). Alternatively, if the packager 60 already 
knows (PU-PA1) and (PR-PA1). the Secret, (PU-PA1) S 
(PR LI) and the certificate chain are available from the 
provisioning content, the certificate chain is traversed to 
obtain (PU-LI) and verify (PU-PA1) S (PR-LI) 
[0047] Based on having the content ID including the 
URL of the licensor 62, the Secret, (PU-PA1), and 
(PR-PA1 ), the packager 60 then can package the con- 
tent 12. In particular, the packager 60 generates or se- 
lects a content ID for the content 12 to be packaged (step 
1713), calculates a content key (KD) such as for exam- 
ple by applying the random content ID and the Secret to: 

Content Key (KD) = SHA( Content ID, Secret) 

(step 1715), and then encrypts the content 12 according 
to (KD) to result in (KD(Content)) (step 1 717). Note that 
the content ID could be random or non-random, and in 
fact can be an identifier such as for example an ISBN 
numberfor a book, a docket numberfor a document, etc. 
[0048] In one embodiment of the present invention, 
the packaged content 13 includes the encrypted content 
12 (KD(Cohtent)) and a rights label having meta-data, 
relevant to the encrypted content 12. In particular, in the 
embodiment, the packager 60 packages (KD(Content)) 



with a rights label 72 including the content ID,(PU-PA1), 
the URL of the licensor 62, and usage rules specifying 
how the user 64 can render the content 1 2 as packaged 
(step 1719). The rights label 72 or at least a portion 
5 thereof should be signed by (PR-PA1) to prevent unau- 
thorized tampering therewith. Note that the usage rules 
in the rights label 72 can be in addition to or instead of 
the business rules 70 included with the request in step 
1401 , above. 

10 [0049] After the content 12 has been encrypted and 
packaged with a rights label 72, such packaged content 
1 3 may then be distributed to a user 64 (step 1 721 ). As 
should be appreciated, the packaged content 13 upon 
being distributed does not as yet have any license 16 

15 corresponding thereto. Such packaged content 12 is 
shown in Fig. 8. 

[0050] Notably, a packager 60 can decrypt any self- 
packaged content 1 2 using only the provisioning license 
16, the provisioning content 12, and the content ID in a 

20 manner akin to that set forth in Fig. 7 to calculate the 
content key (KD) forthe content 12. Thus, the packager 
can discard the unencrypted content 12 after being 
packaged without impacting the packager's ability to ac- 
cess the packaged content 13. In particular, the pack- 

25 ager 60 need not obtain a license 16 from the licensor 
62 for the content 1 2. At a later time, if the packager 60 
wants to access the self-packaged content 12, for ex- 
ample to edit the content 1 2, such packager 60 can do 
so by locating the provisioning license for the licensor 

30 URL specified in the packaged content 13 (Fig 8), ob- 
taining the shared secret and computing (KD) (Fig. 7), 
and decrypting the packaged content 13 using (KD). 
[0051] In the process set forth in connection with Fig. 
7, the provisioning content key (KD-PROV) is divulged 

35 to the packager 60. Significantly, if an unauthorized user 
were to gain access to the computing device 14 of the 
packager 60, such unauthorized user could conceivably 
obtain (KD-PROV) and employ same to obtain the 
shared Secret and (PR-PA1 ). In one embodiment of the 

40 present invention, then, the trusted component 18 on 
the computing device 14 of the packager 60 takes the 
provisioning license 1 6 and the provisioning content 1 2 
as input, extracts (KD-PROV), employs same to extract 
the shared Secret from the provisioning content 1 2, and 

45 then packages the content 12, all without allowing the 
packager 60 or any other individual to see (KD-PROV) 
or any other secrets or keys employed. 

Obtaining a License from the Licensor by the User 

50 

[0052] When a user 64 after obtaining the packaged 
content 13 attempts to render same, the user 64 is di- 
rected to obtain a valid license from the licensor 62 in a 
manner akin to that described above. In particular, and 
55 turning now to Fig. 9. the license 16 forthe packaged 
content 13 is obtained from the licensor 62 in the follow- 
ing manner. 

[0053] Preliminarily, the user 64 at a computing de- 
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vice 1 4 having atrusted component 1 8 thereon retrieves 
the rights label 72 packaged with the encrypted content 
1 2 (step 1 901 ), and obtains from the rights label 72 the 
URL of the licensor 62 (step 1903). The user 64 then 
sends an identifying certificate 74, an associated certif- 
icate chain 76, and the rights label 72 to the licensor 62 
at the obtained URL thereof (step 1905) to request a 
license 16 for the content 12. Similar to the identifying 
certificate 66, the identifying certificate 74 includes a 
public key associated with the user 64 (PU-US) that is 
to be employed to bind the license 16 to the user 64, 
where the user 64 also has a corresponding private key 
(PR-US). Note that (PU-US, PR-US) may be the public 
and private keys of the black box 30 of the trusted com- 
ponent 18 of the computing device 14 of the user 64 
(PU-BB, PR-BB), or may be the public and private keys 
of another key pair. Such another key pair may for ex- 
ample be a key pair owned by the user 64 and available 
to the trusted component 1 8 and the black box 30 there- 
of. 

[0054] The licensor 62 upon receiving the request 
from the user 64 including the identifying certificate 74, 
the associated certificate chain 76, and the rights label 
72 obtains (PU-PA1) from the rights label 72 and based 
thereon verifies the signature (S(PR-PA1)) of such 
rights label 72 with the obtained (PU-PA1 ) (step 1 907). 
Assuming the signature verifies, the Ncensor62then ob- 
tains based on (PU-PA1) information regarding the 
packager 60 as was stored as provisioning information 
at step 1419. In particular, the licensor 62 obtains the 
shared Secret from such provisioning information (step 
1909). 

[0055] At some point, the licensor 62 may also per- 
form any transaction with the user 64 that the licensor 
62 deems appropriate (step 1911). For example, the li- 
censor 62 could require the user 64 to start a subscrip- 
tion, pay a fee, etc. The licensor 62 could also authen- 
ticate the identity of the user 64 through any available 
mechanism. As may be appreciated, the transaction 
may be based in part on the usage rules in the rights 
label 72, the business rules 70 included with the request 
in step 1401 , above, or based on other rules. 
[0056] Assuming the transaction is completed, the li- 
censor 62 then issues a license 1 6 corresponding to the 
content 12 to the user 64. In particular, the Licensor ob- 
tains the Content ID from the rights label 72 (step 1 913), 
calculates the content key (KD) for the content based 
on the same calculation performed by the packager 60, 
such as for example by applying the obtained content 
ID and the Secret to: 

Content Key (KD)=SHA( Content ID, Secret) 

(step 1915), and then generates a license 16 with the 
content key (KD) by retrieving (PU-US) from the identi- 
fying certificate74 that accompanied the request in step 
1 905) (step 1917), and encrypting (KD) with (PU-US) to 



form (PU-US(KD)) (step 1919). In addition, the licensor 
62 places in the license 1 6 the content ID forthe content 
12 as obtained from the rights label 72 and the usage 
ru les for using the content 1 6 as obtained from the rights 
5 label 72 (step 1921). The license 16 as constructed or 
at least a portion thereof may be signed by a private key 
of the licensor 62 (S (PR-LI)), and the license may be 
provided with the corresponding (PU-LI) to verify same. 
[0057] Once the licensor 62 has finished constructing 
10 the license 16, the licensor 62 then sends the license 
16 to the user 64 and the user 64 appropriately stores 
same (step 1923) in a license store 38 of the trusted 
component 18 thereof. Such a license 16 is shown in 
Fig. 10. The user 64 can now render the content 1 2 un- 
15 der the conditions set forth in the license 1 6. 

CONCLUSION 

[0058] The programming necessary to effectuate the 
20 processes performed in connection with the present in- 
vention is relatively straight-forward and should be ap- 
parent to the relevant programming public. Accordingly, 
such programming is not attached hereto. Any particular 
programming, then, may be employed to effectuate the 
25 present invention without departing from the spirit and 
scope thereof. 

[0059] In the foregoing description, it can be seen that 
the present invention comprises a new and useful meth- 
od and mechanism bywhich a licensor 62 can 'provision' 

30 a packager 60 to package content 1 2 for publishing, by 
which the packager 60 in fact packages the content 12 
for publishing, and by which a license 1 6 for the pack- 
aged content 13 is obtained by a user. It be appreciated 
that changes could be made to the embodiments de- 

35 scribed above without departing from the inventive con- 
cepts thereof, Examples of such changes include the 
following. 

[0060] The present invention although disclosed 
above in terms of content 12 with rights label 72 could 

40 also be implemented in terms of content 1 2 with a head- 
er containing information similarto that disclosed as be- 
ing in the rights label 72. In addition, although disclosed 
above in terms of content 12 separate from a license 
16,the present invention could also be implemented in 

45 terms of content 12 having a license 16 incorporated 
thereinto. Further, although the licensor 62 is disclosed 
herein as both provisioning the packager 60 and issuing 
a license 16 to the user 64, the present invention could 
also be implemented with one entity provisioning the 

50 packager 60 and another entity issuing the license 16 
to the user 64, assuming the license issuing entity has 
access to the provisioning information created by the 
provisioning entity. 

[0061] Of course, provisioning as disclosed herein 
55 can be employed for purposes other than for publishing. 
For example, a user can be provisioned to access con- 
tent 12 already on media such as a portable media. In 
this case, the user acquires one or more licenses 1 6 with 
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symmetric keys that allow mapping into a key table on 
the portable media. Another example is for Enterprise 
Software License Managers, which are services set up 
within a corporation or other logical entity that issue soft- 
ware licenses to other devices. A root/ hub license man- 
ager could be provisioned to issue a certain number of 
software licenses to down-level computers. 
[0062] It should be understood, therefore, that this in- 
vention is not limited to the particular embodiments dis- 
closed, but it is intended to cover modifications within 
the spirit and scope of the present invention as defined 
by the appended claims. 



Claims 

1. A method in combination with a digital rights man- 
agement architecture wherein a packager packag- 
es digital content for a user and a licensor issues a 
digital license to the user for the content, the user 
rendering the content only in accordance with the 
license, the method for the licensor to provision the 
packager to package the content for the user such 
that the licensor can issue the license to the user 
and comprising: 

receiving a provisioning request from the pack- 
ager; 

generating a Secret to be shared with the pack- 
ager, the shared Secret allowing each to calcu- 
late a content key (KD) for the content; 
generating a random content key (KD-PROV); 
encrypting the Secret according to (KD-PROV) 
to form (KD-PROV(Secret)); 
signing a public key of the packager (PU-PA1 ) 
with a private key of the licensor (PR-LI) to cer- 
tify same ((PU-PA1) S (PR-LI)), the packager 
having a corresponding private key (PR-PA1) 
and the licensor having a corresponding public 
key (PU-LI); and 

sending (KD-PROV(Secret)), (PU-PA1) S 
(PR-LI), and any associated certificate chain to 
the packager. 

2. The method of claim 1 further comprising generat- 
ing (PU-PA1 . PR-PA1) for the packager, and en- 
crypting (PR-PA1) according to (KD-PROV) to form 
(KD-PROV(PR-PAI)), the method comprising 
sending. (KD-PROV(Secret)), (KD-PROV 
(PR-PA 1 )), (PU-PA1) S (PR-LI), and any associated 
certificate chain to the packager. 

3. The method of claim 1 comprising receiving a pro- 
visioning request from the packager including 
(PU-PA1). 

4. The method ofclaim 1 comprising receiving the pro- 
visioning request including proposed business 



rules specifying conditions under which the user is 
to be granted the license for the content packaged 
by the packager. 

5 5. The method of claim 1 further comprising perform- 
ing a financial transaction with the packager to pro- 
vision same. 

6. The method of claim 1 comprising sending 
10 (KD-PROV(Secret)), (PU-PA1 ) S (PR-LI), and any 

associated certificate chain to the packager as pro- 
visioning content renderable by the packager only 
in accordance with a corresponding provisioning li- 
cense. 

15 

7. The method of claim 6 comprising receiving the pro- 
visioning request including a public key associated 
with the packager (PU-PA2), the packager havinga 
corresponding private key (PR-PA2), the method 

20 further comprising generating the provisioning li- 
cense by encrypting (KD-PROV) with (PU-PA2) to 
form (PU-PA2(KD-PROV)), and sending the provi- 
sioning license to the packager. 

25 8. The method of claim 7 wherein (PU-PA2, PR-PA2) 
are (PU-PA1 , PR-PA1). 

9. The method of claim 7 wherein (PU-PA2, PR-PA2) 
are different from (PU-PA1 , PR-PA1). 

30 

10. The method of claim 7 further comprising generat- 
ing a provisioning content ID and appending same 
to the provisioning license. 

35 11. The method of claim 10 further comprising append- 
ing the generated provisioning content ID to the pro- 
visioning content. 

12. The method of claim 10 wherein the provisioning 
40 content ID includes an identifier of the licensor, 

13. The method of claim 7 further comprising specifying 
usage rules for using the provisioning license and 
appending same to the provisioning license. 

45 

14. The method of claim 1 further comprising storing 
provisioning information including (PU-PA1) and 
the shared Secret, the stored provisioning informa- 
tion to be employed when constructing the license 

50 for the user. 

15. A method in combination with a digital rights man- 
agement architecture wherein a packager packag- 
es digital content for a user and a licensor issues a 

55 digital license to the user for the content, the user 
rendering the content only in accordance with the 
license, the packager having provisioning content 
from the licensor including a shared Secret encrypt- 
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ed according to a random content key (KD-PROV) 
((KD-PROV(Secret))); and a provisioning, license 
from the licensor including (KD-PROV) encrypted 
according to a public key of the packager (PU-PA2) 
((PU-PA2(KD-PROV))), the method for the packag- 5 
er to package the content for the user such that the 
licensor can issue the license to the user and com- 
prising: 

selecting the provisioning license and provi- 10 
sioning content from the licensor; 
obtaining (PU-PA2(KD-PROV)) from the provi- 
sioning license; 

applying a corresponding private key of the 
packager (PR-PA2) to (PU-PA2(KD-PROV)) to 15 
result in (KD-PROV); 

obtaining (KD-PROV(Secret)) from the provi- 
sioning content; 

applying (KD-PROV) to (KD-PROV(Secret)) to 
result in the shared Secret; 20 
generating a random content ID forthe content; 
calculating a conteritkey (KD) based on the ran- 
dom content ID and the Secret; 
encrypting the content according to (KD)((KD 
(Content))); 25 
obtaining from one of the provisioning license 
and the provisioning content a provisioning 
content ID having an identifier of the licensor; 
appending to (KD(Content)) the random con- 
tent ID, a public key of the packager (PU-PA1), 30 
and the identifier of the licensor to form the 
packaged content; and 
distributing the packaged content to the user. 



16. The method of claim 15 wherein the provisioning 35 
license further includes usage rules for using the 
provisioning license, the method furthercormprising 
reviewing the usage rules and making a determina- 
tion based on such usage rules that (KD-PROV) can 

be made available from the provisioning license. 40 

17. The method of claim 15 comprising calculating the 
content key (KD) based on a hash of the random 
content ID and the Secret. 

45 

18. The method of claim 15 wherein the provisioning 
content includes a signature based on a private key 
of the licensor (PR-LI) to certify same (S (PR-LI)), 
and any associated certificate chain, the method 
further comprising traversing the certificate chain to 50 
obtain (PU-LI) and applying same to verify S 
(PR-LI). 

19. The method of claim 1 5 further comprising append- 
ing a signature to (KD(Content)), the signature be- 55 
ing based on at least one of the random content ID, 

the public key of the packager (PU-PA1 ), the iden- 
tifier of the licensor, and any usage rules specifying 
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how the user can render the content as packaged. 

20. The method of claim 15 wherein (PU-PA2) is 
(PU-PA1). 

21 . The method of claim 1 5 wherein (PU-PA2) is differ- 
ent from (PU-PA1). 

22. The method of claim 1 5 further comprising append- 
ing to (KD(Content)) any usage rules specifying 
how the user can render the content as packaged 
to form the content. 

23. A method in combination with a digital rights man- 
agement architecture wherein a packager packag- 
es digital content for a user and a licensor issues 
digital license to the user for the content, the user 
rendering the content only in accordance with the 
license, the packaged content including the content 
encrypted according to a content key (KD) ((KD 
(Content))), a content ID, and a public key of the 
packager (PU-PA1), the method for the licensor to 
issue the license to the user and comprising: 

receiving a request for a license from the user, 
the request including the content ID, (PU-PAI), 
and a public key associated with the user 
(PU-US) that is to be employed to bind the li- 
cense to the user, the user having a corre- 
sponding private key (PR-US); 
obtaining based on (PU-PA1) stored provision- 
ing information regarding the packager includ- 
ing a Secret shared therewith; 
calculating (KD) based on the content ID re- 
ceived with the request and the obtained Se- 
cret; 

encrypting (KD) according to (PU-US) as re- 
ceived with the request ((PU-US(KD))); 
appending to (PU-US(KD)) the content ID to 
form the license; and 
sending the license to the user. 

24. The method of claim 2 comprising calculating the 
content key (KD) based on a hash of the random 
content ID and the Secret. 

25. The method of claim 23 comprising receiving the 
request further including usage rules specifying 
how the user can render the content; and further 
comprising appending to (PU-US(KD)) the usage 
rules. 

26. The method of claim 23 comprising receiving 
(PU-US) in an identifying certificate, and any asso- 
ciated certificate chain. 

27. The method of claim 23 wherein the packaged con- 
tent further includes a signature based on a private 
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key of the packager (PR-PA1), corresponding to the 
public key of the packager (PU-PA1 ) ((S(PR-PA1 ))), 
the method comprising receiving the request further 
including (S(PR-PA1)) and verifying (S(PR-PA1)) 



28. The method of claim 23 further comprising perform- 
ing a financial transaction with the user to license 
same. 



29. The method of claim 23 comprising calculating the 
content key (KD) based on a hash of the random 
content ID and the Secret. 

30. The method of claim 23 further comprising append- 15 
ing to (PU-US(KD)) a signature based on a private 
key of the licensor (S (PR-LI)), and a corresponding 
public key of the licensor (PU-LI) to verify same. 
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1: IDENTIFYING CERT. 66, CERT. CHAIN 68, BUS. RULES 70 TO 
LICENSOR 62; PROV. CONTENT 12, PROV. LICENSE 16 TO 

PACKAGER 60 



LICENSOR 62 



> • < 



3: RIGHTS LABEL 
72, IDENTIFYING 
CERT. 74, CERT. 
CHAIN 76, TO 
LICENSOR 62; 
LICENSE 16 TO 
USER 64 




USER 64 



2: PACKAGED 
CONTENT 13 
WITH 

KD(CONTENT) 
TO USER 64 



FIG. 3 
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